Someone please calculate malleability-related damage to exchanges

[Loozik]

Hi,

I use Gox and Stamp. Both exchanges halted BTC withdrawals. It is my guess the exchange businesses suffered damages due to rouge clients who claimed and received bitcoins twice.

Someone please come up with a method to aproximate the amount of bitcoins that were sent twice.

I simply want to know if exchanges lost 1 thusand BTC or rather 1 million BTC.

[CobaltPH]

The malleability problem causes delays and unattended behaviour of those accepting unconfirmed outputs as input for newer transactions.

No bitcoin can be spent twice. Btw, If gox BTCs vanished it must be for some other reasons.

[Loozik]

BUMP.

Can someone smarty please calculate the damage done to exchanges through exploiting malleability (claiming and receiving bitcoins twice).

With all this FUD going on recently (and no communication from Gox) I am really confused about damage supposedly suffered by Gox (750k BTC)

[Epinnoia]

TM was a 3yr old issue which was on the Wiki for a year. And suddenly, when the SR2 coins are known to be 'on the move', the issue comes to the forefront? You might buy that, but I don't. Karpeles is using that as a convenient smokescreen, and it really couldn't be more obvious.

Look --Karpeles is in Japan for regulatory arbitrage. He is not there because he's Japanese or enjoys the scenery.

The fraud, in order to be committed, required someone to FALSELY claim to GOX (or another exchange) that their coins were never sent, when they actually were. They would need GOX to MANUALLY re-send those coins, in the hopes of receiving them twice. Now how many times do you think that could happen before they notice their cold storage funds depleting? It's not the least bit believable!!

I realize that betting with other peoples' coins/money is Legal in Japan. But I STRONGLY doubt that filing a false police report is. Let's see if Karpeles is willing to file a false police report...

Morally speaking, and legally speaking, if they are insolvent, then that proprietary trading engine should be liquidated to make the customers more whole. But you know what? I wouldn't be surprised if Karpeles' left hand sold his right hand a copy of the engine for $1, just in case.

[Loozik]

The fraud, in order to be committed, required someone to FALSELY claim to GOX (or another exchange) that their coins were never sent, when they actually were. They would need GOX to MANUALLY re-send those coins, in the hopes of receiving them twice.

Now we are getting somewhere.

Let's say person X (attacker) claimed BTC 666.696969 from Gox. The same person X needed to claim exactly the same amount (BTC 666.696969) from Gox a week or two weeks later, right?

Is it really so hard to run a query on blockchain data to identify such transaction pairs, initiated from addresses that once had a fairly high value of ''total received'' (indicating they were exchange address) and sent the same amount twice within a certain period of time?

-------------------------------------------------------------

If someone identifies such pairs, then we might at least get the idea of the maximum possible theft / fraud / scam threshold.